“Let’s be candid,” Nick writes. “Typical CISOs can’t answer the questions above in financial terms.” Instead, they’re focused on technical metrics, such as maturity scores achieved or controls implemented.
But now, “cyber risk quantification is enabling a completely new way of communicating and reporting on risk.”
To make the point, Nick shares charts showing outputs from analyses on the RiskLens Platform, based on the FAIR™ standard for cyber risk quantification.
“Dashboards, key risk indicators, ROI on security projects – this is a different level of communication than CISOs have been able to offer boards before” that “allows CISOs to make their support case in the bottom-line language the board wants to hear,” Nick writes.
Read the complete article, “Building a Cyber Risk Report Your Board Will Love,” in Infosecurity Magazine.
More recent recognition of FAIR and the business imperative for cyber risk quantification: